CWE-863

Exploit likelihood: High

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,057 vulnerabilities with CWE-863
CVE-2025-69417 MEDIUM
Plex Media Server <2025-12-31 - Info Disclosure
CVSS 5.0
CVE-2025-69416 MEDIUM
Plex Media Server <2025-12-31 - Info Disclosure
CVSS 5.0
CVE-2025-69414 HIGH
Plex Media Server <1.42.2.10156 - Info Disclosure
CVSS 8.5
CVE-2025-15406 MEDIUM
PHPGurukul Online Course Registration < 3.1 - Missing Authorization
CVSS 6.3
CVE-2025-34467 MEDIUM
ZwiiCMS < 13.7.00 - Authenticated Denial of Service via Administrative Page Lock Persistence
CVSS 4.3
CVE-2025-15390 MEDIUM
PHPGurukul Small CRM < 4.0 - Missing Authorization in /admin/edit-user.php
CVSS 6.3
CVE-2025-14987 MEDIUM
Temporal < 1.29.1 - Incorrect Authorization via Cross-Namespace Workflow Task Commands
CVE-2025-14986 LOW
Temporal 1.24.0-1.29.1 - Incorrect Authorization via Namespace Validation Bypass
CVE-2025-15126 LOW
JeecgBoot < 3.9.0 - Improper Authorization via PositionId Argument in getPositionUserList
CVSS 3.1
CVE-2025-15125 LOW
JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in queryDepartPermission
CVSS 3.1
CVE-2025-15124 LOW
JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in sysDepartPermission
CVSS 3.1
CVE-2025-15123 LOW
JeecgBoot < 3.9.0 - Improper Authorization via /sys/sysDepartPermission/datarule/
CVSS 3.1
CVE-2025-15122 LOW
JeecgBoot < 3.9.0 - Improper Authorization via DepartId/RoleId Manipulation
CVSS 3.1
CVE-2025-15120 LOW
JeecgBoot < 3.9.0 - Improper Authorization via getDeptRoleList departId Parameter
CVSS 3.1
CVE-2025-15119 LOW
JeecgBoot < 3.9.0 - Improper Authorization in sys/sysDepartRole/list deptId Parameter
CVSS 3.1
CVE-2025-68941 MEDIUM
Gitea < 1.22.3 - Incorrect Authorization via Limited-Scope API Token
CVSS 4.9
CVE-2025-68940 LOW
Gitea <1.22.5 - Privilege Escalation
CVSS 3.1
CVE-2025-68938 MEDIUM
Gitea < 1.25.2 - Incorrect Authorization for Release Deletion
CVSS 4.3
CVE-2025-15085 MEDIUM
youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in Balance Handler
CVSS 4.3
CVE-2025-66378 MEDIUM
Pexip Infinity <39.0 - Privilege Escalation
CVSS 5.9
CVE-2025-59683 HIGH
Pexip Infinity 15.0-38.0 - Incorrect Authorization in Secure Scheduler for Exchange
CVSS 8.2
CVE-2025-2515 HIGH
Eclipse Foundation BlueChi < 1.0.0 - Authenticated Privilege Escalation via Systemd Service Unit File Manipulation
CVSS 7.2
CVE-2025-64641 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization via Jira Plugin Post Action
CVSS 4.1
CVE-2025-13767 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization in Jira Plugin
CVSS 4.3
CVE-2025-68476 HIGH
KEDA 2.17.0-2.17.2 and 2.18.0-2.18.2 - Arbitrary File Read via TriggerAuthentication Service Account Token Path